Security

Microsoft reveals Win2K Server vulnerability

Win2K Server admins take note of this week's Exterminator findings. Microsoft has released a patch for a serious vulnerability that could allow an attacker to control your server. With five updates from Novell and four virus updates, it may be a busy day.


Exterminator brings you weekly updates on bug fixes, virus recovery, service release announcements, and security notices for Windows, Novell, Linux, and other systems.

Microsoft Security Bulletin (MS01-023)
Regarding: Windows 2000 Server
Date Posted: May 1, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

Yet another unchecked buffer, this time in an ISAPI extension, leaves Windows 2000 Server open to attack. Attackers who know what they’re doing could run the code of their choice and gain complete control of the server. Naturally, Microsoft urges all IIS 5.0 administrators to install the patch ASAP.

Novell issues
Regarding: NetWare 4.2, intraNetWare 4.11
Date Posted: April 30, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

If you want to load Dell’s new OpenManage-Array Manager on your NetWare 4 system, you’ll need these Winsock files.

Regarding: BorderManager Enterprise Edition 3.5, BorderManager Enterprise Edition 3.6, OnDemand
Date Posted: April 30, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

This patch addresses issues with VPN LAN connections. The VPN server could abend in TCPIP.NLM. The VPN server is also vulnerable to a denial of service attack.

Regarding: iChain
Date Posted: May 2, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

This patch addresses 25 known issues in the iChain product. Novell recommends installing all the fixes, not individual files.

Regarding: ZENworks for Desktops
Date Posted: May 2, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

Novell’s update site says it best: “This Patch contains new versions of the scanner files” for ZENworks for Desktops 3.

Regarding: NetWare 5, NetWare 5.1, Novell Small Business Suite 5.1
Date Posted: May 2, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

If you missed any of the NDPS version 2.x Post CSP5 updates, this is how you get them. This update puts them all in one place for you.

Virus updates from Trend Micro
Virus/Worm: TROJ_INCOMM16A.S
Posted: April 30, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: W97M_LISTI.A
Posted: May 1, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: VBS_HAPTIME.A
Posted: May 2, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: TROJ_FUNNYFILE.A
Posted: May 2, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Stay current on virus information
Are you keeping up with the latest virus information from Microsoft and Novell? If not, visit the Exterminator archive for past columns with information on bugs and patches you may have missed.

 

Exterminator brings you weekly updates on bug fixes, virus recovery, service release announcements, and security notices for Windows, Novell, Linux, and other systems.

Microsoft Security Bulletin (MS01-023)
Regarding: Windows 2000 Server
Date Posted: May 1, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

Yet another unchecked buffer, this time in an ISAPI extension, leaves Windows 2000 Server open to attack. Attackers who know what they’re doing could run the code of their choice and gain complete control of the server. Naturally, Microsoft urges all IIS 5.0 administrators to install the patch ASAP.

Novell issues
Regarding: NetWare 4.2, intraNetWare 4.11
Date Posted: April 30, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

If you want to load Dell’s new OpenManage-Array Manager on your NetWare 4 system, you’ll need these Winsock files.

Regarding: BorderManager Enterprise Edition 3.5, BorderManager Enterprise Edition 3.6, OnDemand
Date Posted: April 30, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

This patch addresses issues with VPN LAN connections. The VPN server could abend in TCPIP.NLM. The VPN server is also vulnerable to a denial of service attack.

Regarding: iChain
Date Posted: May 2, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

This patch addresses 25 known issues in the iChain product. Novell recommends installing all the fixes, not individual files.

Regarding: ZENworks for Desktops
Date Posted: May 2, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

Novell’s update site says it best: “This Patch contains new versions of the scanner files” for ZENworks for Desktops 3.

Regarding: NetWare 5, NetWare 5.1, Novell Small Business Suite 5.1
Date Posted: May 2, 2001
Patch URL:Click here to download the patch.
Information URL:Click here for more information.

If you missed any of the NDPS version 2.x Post CSP5 updates, this is how you get them. This update puts them all in one place for you.

Virus updates from Trend Micro
Virus/Worm: TROJ_INCOMM16A.S
Posted: April 30, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: W97M_LISTI.A
Posted: May 1, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: VBS_HAPTIME.A
Posted: May 2, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Virus/Worm: TROJ_FUNNYFILE.A
Posted: May 2, 2001
Risk: Low
Information URL:Click here for more information on this virus.

Stay current on virus information
Are you keeping up with the latest virus information from Microsoft and Novell? If not, visit the Exterminator archive for past columns with information on bugs and patches you may have missed.

 

Editor's Picks

Free Newsletters, In your Inbox